RE: Interesting challenge

From: Rajesh Jose (rajesh.jose@paladion.net)
Date: Sat Jan 31 2004 - 07:27:35 EST


Sanjay,

Can you try telnetting to the server on ports 80 and 443?
telnet www.yourclientserver.com 80

Try nmap or any other SYN port scanner against ports 80 and 443 only.
nmap -P0 -sS -p 80,443 www.yourclientserver.com

You should get a reply (SYN/ACK) from the server for both of the above
commands if the ports are open.

In the Nessus vulnerability scan, try the following settings:

1) Scan only the user-specified range (give the common ports used by IIS and
Exchange)
2) Change the "checks_read_timeout = " value in nessusd.conf or .nessusrc to
15 seconds (this will help if you are using a slow network link)

Regards,
Rajesh Jose, CISSP
 
Paladion Networks.
Ph: +91 22 55910513 / 27892889
Web: http://www.paladion.net
Mob: 098205 04308
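
Added example, not part of the original message: the telnet test above written in Python, a full TCP handshake to a port with no ICMP ping beforehand, classifying the result as open, closed or filtered. The function names and the local listener standing in for the web server are assumptions of this sketch.

```python
import errno
import socket

def probe_tcp(host, port, timeout=3.0):
    """Attempt a full TCP handshake to host:port without pinging it first."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # SYN/ACK came back and the handshake completed
    except ConnectionRefusedError:
        return "closed"          # RST came back: host reachable, port not listening
    except socket.timeout:
        return "filtered"        # silence: the SYN or its reply was dropped on the path
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable" # ICMP error or local routing reported no route
        raise

def summarize(results):
    """Turn {port: state} into a hint about why a scanner reports no host."""
    states = set(results.values())
    if "open" in states:
        return "host is up: skip ping-based discovery and scan the listed ports"
    if "closed" in states:
        return "host answers with RST: it is up, but these ports are not listening"
    return "no TCP reply: filtering on the path, or the wrong address"

if __name__ == "__main__":
    # Constructed demo: a local listener stands in for the web server.
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    results = {port: probe_tcp("127.0.0.1", port, timeout=1.0)}
    listener.close()
    print(results, "->", summarize(results))
```

A "closed" or "open" answer on either port shows the host is reachable over TCP even when a ping gets no reply.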
 

 

-----Original Message-----
From: Sanjay K. Patel [mailto:sanjay.patel@rexwire.com]
Sent: Saturday, January 31, 2004 3:26 AM
To: 'Clement Dupuis'
Cc: pen-test@securityfocus.com
Subject: RE: Interesting challenge

Almost everyone who replied pointed towards ICMP. We have tried running the
test with ICMP disabled. We still do not get a reply on those ports.

-SKP

-----Original Message-----
From: Clement Dupuis [mailto:cdupuis@cccure.org]
Sent: Friday, January 30, 2004 3:06 PM
To: 'Sanjay K. Patel'
Subject: RE: Interesting challenge

Have you carefully looked at some of the settings buried down in your
scanners? It might simply be that it is expecting a reply from a ping
request before doing the scanning.

Clement

>> -----Original Message-----
>> From: Sanjay K. Patel [mailto:sanjay.patel@rexwire.com]
>> Sent: Friday, January 30, 2004 11:43 AM
>> To: pen-test@securityfocus.com
>> Subject: Interesting challenge
>>
>> We are doing a pen test for a client and have run into an interesting
>> situation. The client has a server running IIS and Exchange; we can get to it
>> through a browser, but when we try to run Nessus or eEye Retina against it,
>> neither product can find the server. The client is not running any IDS
>> system and has a simple firewall. A port scan reveals no open port, though
>> port 80 is open since the server is serving pages.
>>
>> SKP


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:47 EDT